Moderate: mysql:8.4 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5640", "synopsis": "Moderate: mysql:8.4 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for mecab-ipadic, rapidjson, module.rapidjson, module.mecab-ipadic, module.mecab, mecab.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nSecurity Fix(es):\n\n* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21941)\n\n* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21948)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2026) (CVE-2026-21936)\n\n* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21968)\n\n* mysql: DDL unspecified vulnerability (CPU Jan 2026) (CVE-2026-21937)\n\n* mysql: Thread Pooling unspecified vulnerability (CPU Jan 2026) (CVE-2026-21964)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431384", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431384", "description": ""}, {"ticket": "2431385", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431385", "description": ""}, {"ticket": "2431402", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431402", "description": ""}, {"ticket": "2431409", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431409", "description": ""}, {"ticket": "2431413", "sourceBy": "Red 
Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2431413", "description": ""}, {"ticket": "2431431", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431431", "description": ""}], "cves": [{"name": "CVE-2026-21936", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21936", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21937", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21937", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21941", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21941", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21948", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21948", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21964", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21964", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21968", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21968", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": null}], "references": [], "publishedAt": "2026-03-24T18:03:46.961393Z", "rpms": {"Rocky Linux 9": {"nvras": ["mecab-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.aarch64.rpm", "mecab-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.ppc64le.rpm", "mecab-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.s390x.rpm", "mecab-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.src.rpm", "mecab-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.x86_64.rpm", 
"mecab-debuginfo-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.aarch64.rpm","mecab-debuginfo-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.ppc64le.rpm", "mecab-debuginfo-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.s390x.rpm", "mecab-debuginfo-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.x86_64.rpm", "mecab-debugsource-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.aarch64.rpm", "mecab-debugsource-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.ppc64le.rpm", "mecab-debugsource-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.s390x.rpm", "mecab-debugsource-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.x86_64.rpm", "mecab-devel-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.aarch64.rpm", "mecab-devel-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.ppc64le.rpm", "mecab-devel-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.s390x.rpm", "mecab-devel-0:0.996-3.module+el9.7.0+40027+0df0d4e0.4.x86_64.rpm", "mecab-ipadic-0:2.7.0.20070801-24.module+el9.7.0+40027+0df0d4e0.aarch64.rpm", "mecab-ipadic-0:2.7.0.20070801-24.module+el9.7.0+40027+0df0d4e0.ppc64le.rpm", "mecab-ipadic-0:2.7.0.20070801-24.module+el9.7.0+40027+0df0d4e0.s390x.rpm", "mecab-ipadic-0:2.7.0.20070801-24.module+el9.7.0+40027+0df0d4e0.src.rpm", "mecab-ipadic-0:2.7.0.20070801-24.module+el9.7.0+40027+0df0d4e0.x86_64.rpm", "mecab-ipadic-EUCJP-0:2.7.0.20070801-24.module+el9.7.0+40027+0df0d4e0.aarch64.rpm", "mecab-ipadic-EUCJP-0:2.7.0.20070801-24.module+el9.7.0+40027+0df0d4e0.ppc64le.rpm", "mecab-ipadic-EUCJP-0:2.7.0.20070801-24.module+el9.7.0+40027+0df0d4e0.s390x.rpm", "mecab-ipadic-EUCJP-0:2.7.0.20070801-24.module+el9.7.0+40027+0df0d4e0.x86_64.rpm", "rapidjson-0:1.1.0-19.module+el9.7.0+40027+0df0d4e0.src.rpm", "rapidjson-devel-0:1.1.0-19.module+el9.7.0+40027+0df0d4e0.aarch64.rpm", "rapidjson-devel-0:1.1.0-19.module+el9.7.0+40027+0df0d4e0.ppc64le.rpm", "rapidjson-devel-0:1.1.0-19.module+el9.7.0+40027+0df0d4e0.s390x.rpm", "rapidjson-devel-0:1.1.0-19.module+el9.7.0+40027+0df0d4e0.x86_64.rpm", "rapidjson-doc-0:1.1.0-19.module+el9.7.0+40027+0df0d4e0.noarch.rpm"]}}, 
"rebootSuggested": false, "buildReferences": []}. Rocky Linux 9: mysql receives moderate security updates to address optimizer issues and InnoDB threats. Stay informed! mysql security, Rocky Linux update, database security advisory. LinuxSecurity.com Team
Oracle Linux Security Advisory ELSA-2023-7884 https://linux.oracle.com/errata/ELSA-2023-7884.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-contrib-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-docs-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-plperl-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-plpython3-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-pltcl-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-private-devel-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-private-libs-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-server-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-server-devel-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-static-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-test-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-test-rpm-macros-15.5-1.module+el8.9.0+90110+d8a562d5.noarch.rpm postgresql-upgrade-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm postgresql-upgrade-devel-15.5-1.module+el8.9.0+90110+d8a562d5.x86_64.rpm aarch64: pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-contrib-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-docs-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-plperl-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm
postgresql-plpython3-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-pltcl-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-private-devel-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-private-libs-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-server-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-server-devel-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-static-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-test-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-test-rpm-macros-15.5-1.module+el8.9.0+90110+d8a562d5.noarch.rpm postgresql-upgrade-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm postgresql-upgrade-devel-15.5-1.module+el8.9.0+90110+d8a562d5.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates//pgaudit-1.7.0-1.module+el8.9.0+90110+d8a562d5.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//pg_repack-1.4.8-1.module+el8.9.0+90110+d8a562d5.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//postgres-decoderbufs-1.9.7-1.Final.module+el8.9.0+90110+d8a562d5.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//postgresql-15.5-1.module+el8.9.0+90110+d8a562d5.src.rpm Related CVEs: CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 CVE-2023-39418 Description of changes: pgaudit [1.7.0-1] - Update to 1.7.0 - Support postgresql 15 - Related: #2128241 [1.5.0-1] - Update to version 1.5.0 Related: #1855776 pg_repack [1.4.8-1] - Update to version 1.4.8 - Postgresql 15 is supported - Related: #2128241 [1.4.6-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 postgres-decoderbufs postgresql [15.5-1] - Update to upstream version 15.5 - Fixes: CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 CVE-2023-39418 - Resolves: RHEL-16088 RHEL-16135 RHEL-16137
====================================================================
Red Hat Security Advisory

Synopsis: Important: postgresql:10 security update
Advisory ID: RHSA-2022:4805-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4805
Issue date: 2022-05-30
CVE Names: CVE-2022-1552
====================================================================

1. Summary:

An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream version: postgresql (10.21).

Security Fix(es):

* postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

5.
Bugs fixed (https://bugzilla.redhat.com/):

2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source: postgresql-10.21-2.module+el8.6.0+15342+53518fac.src.rpm

aarch64: postgresql-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-contrib-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-contrib-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-debugsource-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-docs-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-docs-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-plperl-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-plperl-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-plpython3-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-plpython3-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-pltcl-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-pltcl-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-server-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-server-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-server-devel-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-server-devel-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-static-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-test-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-test-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-test-rpm-macros-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-upgrade-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-upgrade-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm
postgresql-upgrade-devel-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm postgresql-upgrade-devel-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.aarch64.rpm ppc64le: postgresql-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-contrib-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-contrib-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-debugsource-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-docs-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-docs-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-plperl-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-plperl-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-plpython3-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-plpython3-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-pltcl-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-pltcl-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-server-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-server-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-server-devel-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-server-devel-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-static-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-test-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-test-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-test-rpm-macros-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-upgrade-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-upgrade-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm postgresql-upgrade-devel-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm 
postgresql-upgrade-devel-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.ppc64le.rpm s390x: postgresql-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-contrib-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-contrib-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-debugsource-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-docs-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-docs-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-plperl-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-plperl-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-plpython3-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-plpython3-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-pltcl-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-pltcl-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-server-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-server-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-server-devel-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-server-devel-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-static-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-test-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-test-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-test-rpm-macros-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-upgrade-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-upgrade-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-upgrade-devel-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm postgresql-upgrade-devel-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.s390x.rpm x86_64: postgresql-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm 
postgresql-contrib-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-contrib-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-debugsource-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-docs-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-docs-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-plperl-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-plperl-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-plpython3-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-plpython3-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-pltcl-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-pltcl-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-server-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-server-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-server-devel-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-server-devel-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-static-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-test-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-test-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-test-rpm-macros-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-upgrade-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-upgrade-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-upgrade-devel-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm postgresql-upgrade-devel-debuginfo-10.21-2.module+el8.6.0+15342+53518fac.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. 
References:

https://access.redhat.com/security/cve/CVE-2022-1552
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
[slackware-security] mariadb (SSA:2022-141-01)

New mariadb packages are available for Slackware 15.0 and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.5.16-i586-1_slack15.0.txz: Upgraded.
  This update fixes bugs and several security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-27376
    https://www.cve.org/CVERecord?id=CVE-2022-27377
    https://www.cve.org/CVERecord?id=CVE-2022-27378
    https://www.cve.org/CVERecord?id=CVE-2022-27379
    https://www.cve.org/CVERecord?id=CVE-2022-27380
    https://www.cve.org/CVERecord?id=CVE-2022-27381
    https://www.cve.org/CVERecord?id=CVE-2022-27382
    https://www.cve.org/CVERecord?id=CVE-2022-27383
    https://www.cve.org/CVERecord?id=CVE-2022-27384
    https://www.cve.org/CVERecord?id=CVE-2022-27386
    https://www.cve.org/CVERecord?id=CVE-2022-27387
    https://www.cve.org/CVERecord?id=CVE-2022-27444
    https://www.cve.org/CVERecord?id=CVE-2022-27445
    https://www.cve.org/CVERecord?id=CVE-2022-27446
    https://www.cve.org/CVERecord?id=CVE-2022-27447
    https://www.cve.org/CVERecord?id=CVE-2022-27448
    https://www.cve.org/CVERecord?id=CVE-2022-27449
    https://www.cve.org/CVERecord?id=CVE-2022-27451
    https://www.cve.org/CVERecord?id=CVE-2022-27452
    https://www.cve.org/CVERecord?id=CVE-2022-27455
    https://www.cve.org/CVERecord?id=CVE-2022-27456
    https://www.cve.org/CVERecord?id=CVE-2022-27457
    https://www.cve.org/CVERecord?id=CVE-2022-27458
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 15.0 package:
ecb061b2fd14afa6a49ce7ec6444f330 mariadb-10.5.16-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
2f0ff61046594f11ea453a0cd72a6821 mariadb-10.5.16-x86_64-1_slack15.0.txz

Slackware -current package:
585471bc35bacb823bb2fa4dfc5822f7 ap/mariadb-10.6.8-i586-1.txz

Slackware x86_64 -current package:
c1de747136665d820b7562d5d9d9ad7d ap/mariadb-10.6.8-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mariadb-10.5.16-i586-1_slack15.0.txz

Then, restart the database server:
# sh /etc/rc.d/rc.mysqld restart

+-----+

Recent PostgreSQL updates introduced for Slackware to rectify vulnerabilities and improve overall performance. mariadb Security Alert, Slackware Security Fixes, Database Issues. Severity: Critical. LinuxSecurity.com Team
MGASA-2021-0520 - Updated couchdb packages fix security vulnerability

Publication date: 25 Nov 2021
URL: https://advisories.mageia.org/MGASA-2021-0520.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-38295

Privilege escalation that allows an attacker to add or remove data in any database or make configuration changes. (CVE-2021-38295)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29548
- https://www.openwall.com/lists/oss-security/2021/10/12/2
- https://www.cve.org/CVERecord?id=CVE-2021-38295

SRPMS:
- 8/core/couchdb-3.1.2-1.mga8

CouchDB has rolled out a security patch that rectifies a privilege escalation vulnerability impacting Mageia 8. Ensure your systems remain secure by applying the latest package updates! CouchDB Security Update, Mageia Advisory, Privilege Escalation Fix. Severity: Critical. LinuxSecurity.com Team
====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-mysql56-mysql security update
Advisory ID: RHSA-2017:3265-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2017:3265
Issue date: 2017-11-27
CVE Names: CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-10286 CVE-2017-10294 CVE-2017-10314 CVE-2017-10378 CVE-2017-10379 CVE-2017-10384
====================================================================

1. Summary:

An update for rh-mysql56-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version: rh-mysql56-mysql (5.6.38). (BZ#1505112)

Security Fix(es):

* This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page listed in the References section. (CVE-2017-10155, CVE-2017-10227, CVE-2017-10268, CVE-2017-10276, CVE-2017-10279, CVE-2017-10283, CVE-2017-10286, CVE-2017-10294, CVE-2017-10314, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1503649 - CVE-2017-10155 mysql: Server: Pluggable Auth unspecified vulnerability (CPU Oct 2017)
1503654 - CVE-2017-10227 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
1503656 - CVE-2017-10268 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017)
1503659 - CVE-2017-10276 mysql: Server: FTS unspecified vulnerability (CPU Oct 2017)
1503663 - CVE-2017-10279 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
1503664 - CVE-2017-10283 mysql: Server: Performance Schema unspecified vulnerability (CPU Oct 2017)
1503669 - CVE-2017-10286 mysql: Server: InnoDB unspecified vulnerability (CPU Oct 2017)
1503671 - CVE-2017-10294 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
1503679 - CVE-2017-10314 mysql: Server: Memcached unspecified vulnerability (CPU Oct 2017)
1503684 - CVE-2017-10378 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017)
1503685 - CVE-2017-10379 mysql: Client programs unspecified vulnerability (CPU Oct 2017)
1503686 - CVE-2017-10384 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)

6.
Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: rh-mysql56-mysql-5.6.38-1.el6.src.rpm x86_64: rh-mysql56-mysql-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-bench-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-common-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-config-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-devel-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-server-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-test-5.6.38-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7): Source: rh-mysql56-mysql-5.6.38-1.el6.src.rpm x86_64: rh-mysql56-mysql-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-bench-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-common-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-config-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-devel-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-server-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-test-5.6.38-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.
6): Source: rh-mysql56-mysql-5.6.38-1.el6.src.rpm x86_64: rh-mysql56-mysql-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-bench-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-common-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-config-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-devel-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-server-5.6.38-1.el6.x86_64.rpm rh-mysql56-mysql-test-5.6.38-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v.7): Source: rh-mysql56-mysql-5.6.38-1.el7.src.rpm x86_64: rh-mysql56-mysql-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-bench-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-common-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-config-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-devel-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-server-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-test-5.6.38-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3): Source: rh-mysql56-mysql-5.6.38-1.el7.src.rpm x86_64: rh-mysql56-mysql-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-bench-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-common-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-config-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-devel-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-server-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-test-5.6.38-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
7.4): Source: rh-mysql56-mysql-5.6.38-1.el7.src.rpm x86_64: rh-mysql56-mysql-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-bench-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-common-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-config-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-devel-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-server-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-test-5.6.38-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.7): Source: rh-mysql56-mysql-5.6.38-1.el7.src.rpm x86_64: rh-mysql56-mysql-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-bench-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-common-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-config-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-debuginfo-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-devel-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-errmsg-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-server-5.6.38-1.el7.x86_64.rpm rh-mysql56-mysql-test-5.6.38-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. 
References:

https://access.redhat.com/security/cve/CVE-2017-10155
https://access.redhat.com/security/cve/CVE-2017-10227
https://access.redhat.com/security/cve/CVE-2017-10268
https://access.redhat.com/security/cve/CVE-2017-10276
https://access.redhat.com/security/cve/CVE-2017-10279
https://access.redhat.com/security/cve/CVE-2017-10283
https://access.redhat.com/security/cve/CVE-2017-10286
https://access.redhat.com/security/cve/CVE-2017-10294
https://access.redhat.com/security/cve/CVE-2017-10314
https://access.redhat.com/security/cve/CVE-2017-10378
https://access.redhat.com/security/cve/CVE-2017-10379
https://access.redhat.com/security/cve/CVE-2017-10384
https://access.redhat.com/security/updates/classification#important
https://www.oracle.com/security-alerts/cpuoct2017.html
https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-38.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2017 Red Hat, Inc.

-- RHSA-announce mailing list
Synopsis: Moderate: postgresql security update
Advisory ID: SLSA-2017:2860-1
Issue Date: 2017-10-05
CVE Numbers: CVE-2017-7546
--
Security Fix(es):

* It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. (CVE-2017-7546)
--
SL6
  x86_64
    postgresql-debuginfo-8.4.20-8.el6_9.i686.rpm
    postgresql-debuginfo-8.4.20-8.el6_9.x86_64.rpm
    postgresql-libs-8.4.20-8.el6_9.i686.rpm
    postgresql-libs-8.4.20-8.el6_9.x86_64.rpm
    postgresql-8.4.20-8.el6_9.i686.rpm
    postgresql-8.4.20-8.el6_9.x86_64.rpm
    postgresql-contrib-8.4.20-8.el6_9.x86_64.rpm
    postgresql-devel-8.4.20-8.el6_9.i686.rpm
    postgresql-devel-8.4.20-8.el6_9.x86_64.rpm
    postgresql-docs-8.4.20-8.el6_9.x86_64.rpm
    postgresql-plperl-8.4.20-8.el6_9.x86_64.rpm
    postgresql-plpython-8.4.20-8.el6_9.x86_64.rpm
    postgresql-pltcl-8.4.20-8.el6_9.x86_64.rpm
    postgresql-server-8.4.20-8.el6_9.x86_64.rpm
    postgresql-test-8.4.20-8.el6_9.x86_64.rpm
  i386
    postgresql-debuginfo-8.4.20-8.el6_9.i686.rpm
    postgresql-libs-8.4.20-8.el6_9.i686.rpm
    postgresql-8.4.20-8.el6_9.i686.rpm
    postgresql-contrib-8.4.20-8.el6_9.i686.rpm
    postgresql-devel-8.4.20-8.el6_9.i686.rpm
    postgresql-docs-8.4.20-8.el6_9.i686.rpm
    postgresql-plperl-8.4.20-8.el6_9.i686.rpm
    postgresql-plpython-8.4.20-8.el6_9.i686.rpm
    postgresql-pltcl-8.4.20-8.el6_9.i686.rpm
    postgresql-server-8.4.20-8.el6_9.i686.rpm
    postgresql-test-8.4.20-8.el6_9.i686.rpm

- Scientific Linux Development Team
Recent security update for PostgreSQL on SL6 addresses the critical issue of an unprotected password, mitigating the risk of unauthorized access. PostgreSQL Security Update, SL6 Database Access, Authentication Issues, Remote Access Vulnerability. Severity: Important. LinuxSecurity.com Team
====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-mariadb100-mariadb security update
Advisory ID: RHSA-2015:1646-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2015:1646.html
Issue date: 2015-08-20
CVE Names: CVE-2015-2582 CVE-2015-2611 CVE-2015-2617 CVE-2015-2620 CVE-2015-2639 CVE-2015-2641 CVE-2015-2643 CVE-2015-2648 CVE-2015-2661 CVE-2015-3152 CVE-2015-4737 CVE-2015-4752 CVE-2015-4756 CVE-2015-4757 CVE-2015-4761 CVE-2015-4767 CVE-2015-4769 CVE-2015-4771 CVE-2015-4772
====================================================================

1. Summary:

Updated rh-mariadb100-mariadb packages that fix several security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.
7) - x86_64 3. Description: MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. (CVE-2015-3152) This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-2582, CVE-2015-2611, CVE-2015-2617, CVE-2015-2620, CVE-2015-2639, CVE-2015-2641, CVE-2015-2643, CVE-2015-2648, CVE-2015-2661, CVE-2015-4737, CVE-2015-4752, CVE-2015-4756, CVE-2015-4757, CVE-2015-4761, CVE-2015-4767, CVE-2015-4769, CVE-2015-4771, CVE-2015-4772) These updated packages upgrade MariaDB to version MariaDB 10.0.20. Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. All MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/):

1217506 - CVE-2015-3152 mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
1244768 - CVE-2015-2582 mysql: unspecified vulnerability related to Server:GIS (CPU July 2015)
1244769 - CVE-2015-2611 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244770 - CVE-2015-2617 mysql: unspecified vulnerability related to Server:Partition (CPU July 2015)
1244771 - CVE-2015-2620 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244772 - CVE-2015-2639 mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
1244773 - CVE-2015-2641 mysql: unspecified vulnerability related to Server:Security:Privileges (CPU July 2015)
1244774 - CVE-2015-2643 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244775 - CVE-2015-2648 mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
1244776 - CVE-2015-2661 mysql: unspecified vulnerability related to Client (CPU July 2015)
1244778 - CVE-2015-4737 mysql: unspecified vulnerability related to Server:Pluggable Auth (CPU July 2015)
1244779 - CVE-2015-4752 mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
1244780 - CVE-2015-4756 mysql: unspecified vulnerability related to Server:InnoDB (CPU July 2015)
1244781 - CVE-2015-4757 mysql: unspecified vulnerability related to Server:Optimizer (CPU July 2015)
1244782 - CVE-2015-4761 mysql: unspecified vulnerability related to Server:Memcached (CPU July 2015)
1244784 - CVE-2015-4767 mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
1244785 - CVE-2015-4769 mysql: unspecified vulnerability related to Server:Security:Firewall (CPU July 2015)
1244786 - CVE-2015-4771 mysql: unspecified vulnerability related to Server:RBR (CPU July 2015)
1244787 - CVE-2015-4772 mysql: unspecified vulnerability related to Server:Partition (CPU July 2015)

6.
Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v.6): Source: rh-mariadb100-mariadb-10.0.20-1.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.20-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5): Source: rh-mariadb100-mariadb-10.0.20-1.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.20-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 
6.6): Source: rh-mariadb100-mariadb-10.0.20-1.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.20-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.6): Source: rh-mariadb100-mariadb-10.0.20-1.el6.src.rpm x86_64: rh-mariadb100-mariadb-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-common-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-config-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-server-10.0.20-1.el6.x86_64.rpm rh-mariadb100-mariadb-test-10.0.20-1.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 
7): Source: rh-mariadb100-mariadb-10.0.20-1.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.20-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1): Source: rh-mariadb100-mariadb-10.0.20-1.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.20-1.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.7): Source: rh-mariadb100-mariadb-10.0.20-1.el7.src.rpm x86_64: rh-mariadb100-mariadb-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-bench-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-common-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-config-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-debuginfo-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-devel-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-errmsg-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-oqgraph-engine-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-server-10.0.20-1.el7.x86_64.rpm rh-mariadb100-mariadb-test-10.0.20-1.el7.x86_64.rpm These packages are GPG signed by Red 
Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-2582
https://access.redhat.com/security/cve/CVE-2015-2611
https://access.redhat.com/security/cve/CVE-2015-2617
https://access.redhat.com/security/cve/CVE-2015-2620
https://access.redhat.com/security/cve/CVE-2015-2639
https://access.redhat.com/security/cve/CVE-2015-2641
https://access.redhat.com/security/cve/CVE-2015-2643
https://access.redhat.com/security/cve/CVE-2015-2648
https://access.redhat.com/security/cve/CVE-2015-2661
https://access.redhat.com/security/cve/CVE-2015-3152
https://access.redhat.com/security/cve/CVE-2015-4737
https://access.redhat.com/security/cve/CVE-2015-4752
https://access.redhat.com/security/cve/CVE-2015-4756
https://access.redhat.com/security/cve/CVE-2015-4757
https://access.redhat.com/security/cve/CVE-2015-4761
https://access.redhat.com/security/cve/CVE-2015-4767
https://access.redhat.com/security/cve/CVE-2015-4769
https://access.redhat.com/security/cve/CVE-2015-4771
https://access.redhat.com/security/cve/CVE-2015-4772
https://access.redhat.com/security/updates/classification/#important
https://www.oracle.com/security-alerts/cpujul2015.html
https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-10-0-series/mariadb-10020-release-notes

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

-- Enterprise-watch-list mailing list